Hackers Exploiting Malware In Google Docs

A particularly insidious form of malware, the infostealer, is a program designed to quietly infect a system and run discreetly in the background, stealing sensitive data such as passwords or chat logs and sending it back to the attackers. Once it has infected a system, it gathers login credentials, credit card details, chat logs, browsing history and more.

Hackers are now abusing trusted platforms like Google Docs to support infostealer malware that steals sensitive data from users, according to a new report by AhnLab's Security Intelligence Center (ASEC).

The malware is distributed under a “malware-as-a-service” model, which is making it more difficult for security systems to detect threats, and it is increasingly being used to target both individuals and organisations worldwide. These criminal programs are usually delivered through phishing attacks, compromised websites, software disguised as pirated programs, or malicious attachments.

One of the best-known infostealers is LummaC2, which has been active since 2022. It targets browsers, stealing critical information such as passwords, cookies and autofill data. But a newer infostealer, ACRStealer, has recently been identified by ASEC.

ASEC monitors infostealer malware that is distributed disguised as illegal programs such as cracks and keygens, and publishes related trends and changes through the AhnLab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 infostealer, the ACRStealer infostealer has seen an increase in distribution.

Infostealers are increasingly used by cyber criminals, specialising in stealing system data, credentials, cryptocurrency wallet details and configuration files from a range of different programs.

What sets ACRStealer apart is its use of trusted platforms to communicate with its command-and-control (C2) servers. Rather than embedding the C2 address directly in the malware, attackers use platforms like Google Docs, Steam, and Telegra.ph as intermediaries.

By encoding the C2 address in Base64 and storing it on these trusted sites, attackers can avoid detection, making the malware harder to track: the malware's first network request goes to a legitimate, widely used domain rather than to an attacker-owned one, and the real C2 address can be changed simply by editing the hosted page, without redeploying the malware. This method, known as Dead Drop Resolver (DDR), allows the malware to function with minimal risk of being detected by security software. The type of data ACRStealer is capable of stealing is extensive. It includes not only browser data, but also text files, FTP credentials, remote access program details and VPN information.
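Because the dead-drop page itself is hosted on a legitimate service, a defender who obtains the page text (from a proxy log, a sandbox capture or a shared document reported by a user) often wants to check whether it carries an encoded C2 address of the kind described above. The following script is an added example written for this article, not code from ASEC or from the malware: it scans arbitrary page text for Base64 tokens, decodes them, and reports only those that decode to a URL or a host[:port]. The sample page body and the `c2.example.net` address in it are constructed for the demonstration and are not real indicators.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed sample of what a dead-drop page body might look like: ordinary
# text, one Base64 blob that decodes to a URL (a reserved example domain, not
# a real indicator), and one Base64 blob that decodes to harmless text.
SAMPLE_PAGE = """Meeting notes - Q3 planning
Action items: review the draft.
aHR0cHM6Ly9jMi5leGFtcGxlLm5ldC9hcGk=
QUJDREVGR0hJSktMTU5PUA==
See you next week.
"""

# Runs of Base64 alphabet characters of a plausible length, with optional padding.
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Bare host[:port] such as "c2.example.net:8443".
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?::\d{1,5})?$")


def decode_candidate(token: str):
    """Return the decoded text if the token is valid Base64 for printable ASCII,
    otherwise None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def looks_like_endpoint(text: str) -> bool:
    """True if the decoded text is an http(s) URL with a host, or a bare host[:port]."""
    if "://" in text:
        parsed = urlparse(text)
        return parsed.scheme in ("http", "https") and bool(parsed.hostname)
    return bool(HOST_RE.match(text))


def find_ddr_candidates(page_text: str):
    """Return (token, decoded) pairs for Base64 tokens that decode to an endpoint."""
    hits = []
    for match in BASE64_TOKEN.finditer(page_text):
        token = match.group(0)
        decoded = decode_candidate(token)
        if decoded and looks_like_endpoint(decoded):
            hits.append((token, decoded))
    return hits


if __name__ == "__main__":
    for token, decoded in find_ddr_candidates(SAMPLE_PAGE):
        print(f"{token} -> {decoded}")
```

Long ordinary words also match the token pattern, which is why the script decodes every candidate and keeps only printable results that parse as an endpoint; the second blob in the sample decodes cleanly but is discarded because it is not a URL or host. A decoded endpoint is a lead to investigate (for example, by checking which non-browser processes on the endpoint contacted the hosting service), not proof of compromise on its own.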

The malware even targets password managers and chat logs, making it a potent tool for cyber criminals seeking to gather sensitive information.

The use of trusted platforms as intermediaries for malware infrastructure only underscores the growing complexity of modern cyber attacks. As cyber criminals continue to evolve their tactics, both individuals and organisations must stay proactive in their cyber security efforts.

Ahnlab | I-HIS | Tom's Guide | Yahoo | Cyber News | Security Magazine
